I am looking for good documentation for setting up roaming and mandatory profiles on Server 08 R2 and Windows 7 Pro. Most all of the doc's on the web are dealing with Server 2003 and Win XP or Vista. Does anyone have links that might help?

Not entirely sure where I got this original guide from, seem to remember it was from a Microsoft Engineer posting somehwere on his blog - So thanks Mysterious Microsoft Man ;), but its something that has always served me right when using it

Set up a share on the server. For example - d:\profiles, shared as profiles$ to make it hidden from browsing. Make sure this share is *not* set to allow offline files/caching! (that's on by default - disable it)

Make sure the share permissions on profiles$ indicate everyone=full control. Set the NTFS security to administrators, system, and users=full control.

In the users' ADUC properties, specify \\server\profiles$\%username% in the profiles field

Have each user log into the domain once - if this is an existing user with a profile you wish to keep, have them log in at their usual workstationand log out. The profile is now roaming.

If you want the administrators group to automatically have permissions to the profiles folders, you'll need to make the appropriate change in group policy. Look in computer configuration/administrative templates/system/user profiles - there's an option to add administrators group to the roaming profiles permissions. Do this *before* the users' roaming profile folders are created - it isn't retroactive.

NOTES

Keep your profiles TINY. Via group policy, you should be redirecting My Documents (at the very least) - to a subfolder of the user's home directory or user folder. Also consider redirecting Desktop & Application Data similarly..... so the user will end up with:

\\server\users\%username%\My Documents

\\server\users\%username%\Desktop

\\server\users\%username%\Application Data.

[Alternatively, just manually re-target My Documents to \\server\users\%username% (this is not optimal, however!)]

You should use folder redirection even without roaming profiles, but it's especially critical if you *are* using them.

If you aren't going to also redirect the desktop using policies, tell users that they are not to store any files on the desktop or you will beat them with a stick. Big profile=slow login/logout, and possible profile corruption.

IMPORTANT NOTE: User profiles are not compatible between different OS versions, even between W2k/XP. Keep all your computers. Keep your workstations as identical as possible - meaning, OS version is the same, SP level is the same, app load is (as much as possible) the same.

Not entirely sure where I got this original guide from, seem to remember it was from a Microsoft Engineer posting somehwere on his blog - So thanks Mysterious Microsoft Man ;), but its something that has always served me right when using it

Set up a share on the server. For example - d:\profiles, shared as profiles$ to make it hidden from browsing. Make sure this share is *not* set to allow offline files/caching! (that's on by default - disable it)

Make sure the share permissions on profiles$ indicate everyone=full control. Set the NTFS security to administrators, system, and users=full control.

In the users' ADUC properties, specify \\server\profiles$\%username% in the profiles field

Have each user log into the domain once - if this is an existing user with a profile you wish to keep, have them log in at their usual workstationand log out. The profile is now roaming.

If you want the administrators group to automatically have permissions to the profiles folders, you'll need to make the appropriate change in group policy. Look in computer configuration/administrative templates/system/user profiles - there's an option to add administrators group to the roaming profiles permissions. Do this *before* the users' roaming profile folders are created - it isn't retroactive.

NOTES

Keep your profiles TINY. Via group policy, you should be redirecting My Documents (at the very least) - to a subfolder of the user's home directory or user folder. Also consider redirecting Desktop & Application Data similarly..... so the user will end up with:

\\server\users\%username%\My Documents

\\server\users\%username%\Desktop

\\server\users\%username%\Application Data.

[Alternatively, just manually re-target My Documents to \\server\users\%username% (this is not optimal, however!)]

You should use folder redirection even without roaming profiles, but it's especially critical if you *are* using them.

If you aren't going to also redirect the desktop using policies, tell users that they are not to store any files on the desktop or you will beat them with a stick. Big profile=slow login/logout, and possible profile corruption.

IMPORTANT NOTE: User profiles are not compatible between different OS versions, even between W2k/XP. Keep all your computers. Keep your workstations as identical as possible - meaning, OS version is the same, SP level is the same, app load is (as much as possible) the same.

Let us know how you get on

Cheers

Andy

0

This discussion has been inactive for over a year.

You may get a better answer to your question by starting a new discussion.